Red Delta

Threat Actor Profile Updated 3 months ago
Red Delta is a threat actor, a term used in cybersecurity to describe an entity that executes actions with malicious intent. This could be an individual, a private company, or a government organization. Red Delta has been identified as being involved in a series of cyber threats and attacks.

In a historical campaign, this group delivered a Dropbox URL containing a variant of the PlugX malware, which aligns with Recorded Future's analysis of Red Delta's usual modus operandi. Proofpoint researchers have expressed high confidence that the operator involved in recent campaigns delivering the PlugX malware is the same one previously identified in 2020 as part of Recorded Future's Red Delta campaign. The consistency in the type of malware used and the delivery method suggests a significant overlap between these two instances of cyber threat operations.

Further reinforcing the connection, Proofpoint assesses that there is a substantial overlap between the entities TA416 and Red Delta. Both groups targeted European diplomatic entities in their campaigns from August 2020 and November 2021. They utilized SMTP2Go to impersonate an external diplomatic organization, a tactic designed to facilitate communication with their end targets. This consistent pattern of behavior underscores the persistent threat posed by Red Delta and similar actors in the realm of cybersecurity.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Mustang Panda | 1 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Associated Malware
ID | Type | Votes | Profile Description
PlugX | Unspecified | 1 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Red Delta Threat Actor was read from the documents corpus below.
Source | CreatedAt | Title
MITRE | a year ago | The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates | Proofpoint US